Skip to main content
CVE-2025-32813 HIGH POC THREAT Act Now

An issue was discovered in Infoblox NETMRI before 7.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.3% and no vendor patch available.

Command Injection Netmri
NVD
CVSS 3.1
7.2
EPSS
10.3%
CVE-2025-4123 HIGH POC PATCH This Week

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect XSS SSRF Grafana Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
7.6
EPSS
6.3%
CVE-2025-45471 HIGH POC This Week

Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Measure Cold Start
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-40462 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40461 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40460 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40459 HIGH POC This Week

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40458 HIGH POC This Week

An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-41199 HIGH POC This Week

An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-3887 HIGH POC PATCH This Week

A stack-based buffer overflow vulnerability exists in GStreamer's H265 codec parsing functionality that allows remote attackers to execute arbitrary code on affected systems. The vulnerability occurs when processing malformed H265 slice headers, enabling attackers to overflow a fixed-length stack buffer and potentially take control of the application processing the media content. With an EPSS score of 0.61% (69th percentile) and a CVSS score of 8.8, this represents a significant risk for applications using GStreamer for video processing, though it requires user interaction to exploit.

RCE Buffer Overflow Debian Linux Gstreamer Red Hat +1
NVD VulDB GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2024-13956 HIGH This Week

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.8
EPSS
0.3%
CVE-2024-13952 HIGH This Week

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-2759 HIGH PATCH This Week

A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.

Privilege Escalation RCE Gstreamer Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3937 HIGH This Week

Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Niagara Niagara Enterprise Security Windows
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-5024 HIGH PATCH This Week

A flaw was found in gnome-remote-desktop. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD VulDB
CVSS 3.1
7.4
EPSS
0.5%
CVE-2025-2272 HIGH This Week

Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.05. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-51552 HIGH This Week

Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-33137 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-33136 HIGH This Week

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-48848 HIGH This Week

Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.3%
CVE-2024-51553 HIGH This Week

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-13957 HIGH This Week

SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2025-47181 HIGH This Month

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Edge Update Chrome
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-13947 HIGH This Month

Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2024-13946 HIGH POC This Month

DLL's are not digitally signed when loaded in ASPECT's configuration toolset exposing the application to binary planting during device commissioning.*; NEXUS Series: through 3.*; MATRIX Series:. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
1.1%
CVE-2025-48075 HIGH POC PATCH This Month

Fiber is an Express-inspired web framework written in Go. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Fiber Suse
NVD GitHub
CVSS 4.0
7.7
EPSS
0.5%
CVE-2025-30172 HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
8.9
EPSS
1.3%
CVE-2025-30171 HIGH This Month

System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.3
EPSS
0.4%
CVE-2025-2410 HIGH This Month

Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised.08.03; NEXUS Series: through. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.9
EPSS
0.3%
CVE-2025-2409 HIGH This Month

File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised08.03; NEXUS Series: through 3.08.03; MATRIX. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2024-9639 HIGH This Month

Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
7.5
EPSS
1.3%
CVE-2024-52874 HIGH This Month

In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Netmri
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-13931 HIGH This Month

Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-13929 HIGH This Month

Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 4.0
7.5
EPSS
1.7%
CVE-2024-13928 HIGH This Month

SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.08.03; NEXUS Series: through 3.08.03;. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection SQLi
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-47779 HIGH POC This Month

Asterisk is an open-source private branch exchange (PBX). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-46715 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Memory Corruption Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-45472 HIGH This Month

Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Autodeploy Layer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-43596 HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-48850 HIGH This Month

Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
7.5
EPSS
0.4%
CVE-2025-4366 HIGH PATCH This Month

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Request Smuggling Authentication Bypass Pingora Cloudflare
NVD GitHub
CVSS 4.0
7.4
EPSS
0.6%
CVE-2025-45468 HIGH This Month

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fc Stable Diffusion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5080 HIGH POC This Week

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Fh451 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-0993 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-46714 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-46713 HIGH POC This Month

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Buffer Overflow Sandboxie Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3945 HIGH This Month

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Niagara Niagara Enterprise Security
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-3944 HIGH This Month

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation.14.2, before 4.15.1,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Niagara Niagara Enterprise Security
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-41403 HIGH This Month

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.3
EPSS
2.2%
CVE-2025-3836 HIGH This Month

Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Manageengine Adaudit Plus
NVD
CVSS 3.1
8.3
EPSS
2.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy